此站点无法提供安全连接xxxxxxxx使用不受支持的协议 - WCF自托管 [英] This site can't provide a secure connection xxxxxxxx uses an unsupported protocol - WCF self host
问题描述
我们有一个公开的WCF主机服务localhost端口9200上的[WebGet]方法。我们试图从javascript代码中使用它。它适用于IE11和Chrome v65。升级到chrome v68后,我开始收到以下错误
"此站点无法提供安全连接xxxxxxx使用不支持的协议。
ERR_SSL_VERSION_OR_CIPHER_
客户端和服务器不支持通用的SSL协议版本或密码套件。"
v68以上的任何版本的chrome都会出现同样的错误。
我已粘贴我的c#代码
**服务合同**
[WebGet(UriTemplate = "hello", ResponseFormat = WebMessageFormat.Json)]
[OperationContract]
string HelloWorld();
** appconfig **
<configuration> <startup> <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.1" /> </startup> <system.serviceModel> <services> <service name="SelfHostRestService.Service" behaviorConfiguration="ServiceBehavior"> <endpoint address="" bindingConfiguration="restBinding" binding="webHttpBinding" contract="Contracts.IService" behaviorConfiguration="webBehavior"/> </service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="6553600" />
<serviceThrottling maxConcurrentCalls="20" maxConcurrentSessions="40" maxConcurrentInstances="2147483647" /> </behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="webBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<webHttpBinding>
<binding name="restBinding" crossDomainScriptAccessEnabled="true"> <security mode="Transport">
<transport clientCredentialType="None"/> </security>
</binding>
</webHttpBinding>
</bindings>
</system.serviceModel>
</configuration>
**服务托管** < span style ="text-decoration:underline">
Uri netTcpAdddress = new Uri("https://Example.com:9200");
ServiceHost wHostV2 = new ServiceHost(typeof(Service), netTcpAdddress);
X509Certificate2 certificate = new X509Certificate2(System.Environment.CurrentDirectory + "\\" + "Example.pfx", "password"); wHostV2.Credentials.ServiceCertificate.Certificate = certificate;
wHostV2.Open();
Console.WriteLine("Service is up and running");
Console.WriteLine("Press enter to quit ");
Console.ReadLine();
wHostV2.Close();
经过我的分析,看起来我的服务只运行在SSL& TLS 1.0上。以下是我的NMAP扫描结果
9200/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
| ssl-enum-ciphers:
| SSLv3:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
| TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
| TLS_RSA_WITH_DES_CBC_SHA (rsa 2048) - C
| compressors:
| NULL
| cipher preference: server
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| 64-bit block cipher DES vulnerable to SWEET32 attack
| Broken cipher RC4 is deprecated by RFC 7465
| CBC-mode cipher in SSLv3 (CVE-2014-3566)
| Ciphersuite uses MD5 for message integrity
| TLSv1.0:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
| TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
| TLS_RSA_WITH_DES_CBC_SHA (rsa 2048) - C
| compressors:
| NULL
| cipher preference: server
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| 64-bit block cipher DES vulnerable to SWEET32 attack
| Broken cipher RC4 is deprecated by RFC 7465
| Ciphersuite uses MD5 for message integrity
|_ least strength: C
我尝试将我的.net框架升级到4.7,如下面的博客所示没有工作..
https://docs.microsoft.com/en-
感谢任何帮助。
Any help is appreciated.
推荐答案
嗨Remya J,
On我的方面,我使用以下命令将SSL证书绑定到端口,它就像一个魅力。
Hi Remya J,
On my side, I use the following command to binding the SSL cert to the port and it works like a charm.
netsh http add sslcert port=0.0.0.0:9201 certhash=6e48c590717cb2c61da97346d5901b260e983850 appid={61466809-CD17-4E31-B87B-E89B003FABFA}
certhash参数指定证书的指纹。
appid位于Project.csproj文件。
certhash parameter specifies the thumbprint of the certificate.
The appid is inside of the Project.csproj file.
<ProjectGuid>{56FDE5B9-3821-49DB-82D3-9DCE376D950A}</ProjectGuid>
以下是官方文件,希望对您有用。
https://docs.microsoft.com/en-us/windows/desktop/http/add-sslcert
https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-configure-a-port-with-an-ssl-certificate
如果有任何我可以提供的帮助,请随时告诉我。
最好的问候
Abraham
Here is the official document, wish it is useful to you.
https://docs.microsoft.com/en-us/windows/desktop/http/add-sslcert
https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-configure-a-port-with-an-ssl-certificate
Feel free to let me know if there is anything I can help with.
Best Regards
Abraham
这篇关于此站点无法提供安全连接xxxxxxxx使用不受支持的协议 - WCF自托管的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!